0001: /*
0002: *
0003: *
0004: * Copyright 1990-2007 Sun Microsystems, Inc. All Rights Reserved.
0005: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER
0006: *
0007: * This program is free software; you can redistribute it and/or
0008: * modify it under the terms of the GNU General Public License version
0009: * 2 only, as published by the Free Software Foundation.
0010: *
0011: * This program is distributed in the hope that it will be useful, but
0012: * WITHOUT ANY WARRANTY; without even the implied warranty of
0013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
0014: * General Public License version 2 for more details (a copy is
0015: * included at /legal/license.txt).
0016: *
0017: * You should have received a copy of the GNU General Public License
0018: * version 2 along with this work; if not, write to the Free Software
0019: * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
0020: * 02110-1301 USA
0021: *
0022: * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
0023: * Clara, CA 95054 or visit www.sun.com if you need additional
0024: * information or have any questions.
0025: */
0026:
0027: package com.sun.midp.security;
0028:
0029: import com.sun.midp.i18n.Resource;
0030: import com.sun.midp.i18n.ResourceConstants;
0031:
0032: /**
0033: * This class is a standard list of permissions that
0034: * a suite can do and is used by all internal security
0035: * features. This class also builds a list of permission for each
0036: * security domain. This only class that would need to be updated in order to
0037: * add a new security domain.
0038: */
0039: public final class Permissions {
0040:
0041: /** Binding name of the Manufacturer domain. (all permissions allowed) */
0042: public static final String MANUFACTURER_DOMAIN_BINDING = "manufacturer";
0043:
0044: /** Binding name of the Operator domain. */
0045: public static final String OPERATOR_DOMAIN_BINDING = "operator";
0046:
0047: /** Binding name of the Third party Identified domain. */
0048: public static final String IDENTIFIED_DOMAIN_BINDING = "identified";
0049:
0050: /** Binding name of the Third party Unidentified domain. */
0051: public static final String UNIDENTIFIED_DOMAIN_BINDING = "unidentified";
0052:
0053: /**
0054: * Binding name of the Minimum domain for testing.
0055: * (all permissions denied)
0056: */
0057: public static final String MINIMUM_DOMAIN_BINDING = "minimum";
0058:
0059: /**
0060: * Binding name of the Maximum domain for testing.
0061: * (all public permissions allowed)
0062: */
0063: public static final String MAXIMUM_DOMAIN_BINDING = "maximum";
0064:
0065: /**
0066: * The maximum levels are held in the first element of the permissions
0067: * array.
0068: */
0069: public static final int MAX_LEVELS = 0;
0070: /**
0071: * The current levels are held in the first element of the permissions
0072: * array.
0073: */
0074: public static final int CUR_LEVELS = 1;
0075:
0076: /** com.sun.midp permission ID. */
0077: public static final int MIDP = 0;
0078: /** com.sun.midp.midletsuite.ams permission ID. */
0079: public static final int AMS = 1;
0080: /** javax.microedition.io.Connector.http permission ID. */
0081: public static final int HTTP = 2;
0082: /** javax.microedition.io.Connector.socket permission ID. */
0083: public static final int TCP = 3;
0084: /** javax.microedition.io.Connector.https permission ID. */
0085: public static final int HTTPS = 4;
0086: /** javax.microedition.io.Connector.ssl permission ID. */
0087: public static final int SSL = 5;
0088: /** javax.microedition.io.Connector.serversocket permission ID. */
0089: public static final int TCP_SERVER = 6;
0090: /** javax.microedition.io.Connector.datagram permission ID. */
0091: public static final int UDP = 7;
0092: /** javax.microedition.io.Connector.datagramreceiver permission ID. */
0093: public static final int UDP_SERVER = 8;
0094: /** javax.microedition.io.Connector.comm permission ID. */
0095: public static final int COMM = 9;
0096: /** javax.microedition.io.PushRegistry permission ID. */
0097: public static final int PUSH = 10;
0098: /** javax.microedition.io.Connector.sms permission ID. */
0099: public static final int SMS_SERVER = 11;
0100: /** javax.microedition.io.Connector.cbs permission ID. */
0101: public static final int CBS_SERVER = 12;
0102: /** javax.wireless.messaging.sms.send permission ID. */
0103: public static final int SMS_SEND = 13;
0104: /** javax.wireless.messaging.sms.receive permission ID. */
0105: public static final int SMS_RECEIVE = 14;
0106: /** javax.wireless.messaging.scbs.receive permission ID. */
0107: public static final int CBS_RECEIVE = 15;
0108: /** javax.microedition.media.RecordControl permission ID. */
0109: public static final int MM_RECORD = 16;
0110: /** javax.microedition.media.VideoControl.getSnapshot permission ID. */
0111: public static final int MM_IMAGE_CAPTURING = 17;
0112: /** javax.microedition.io.Connector.mms permission ID. */
0113: public static final int MMS_SERVER = 18;
0114: /** javax.wireless.messaging.mms.send permission ID. */
0115: public static final int MMS_SEND = 19;
0116: /** javax.wireless.messaging.mms.receive permission ID. */
0117: public static final int MMS_RECEIVE = 20;
0118: /** javax.microedition.apdu.aid permission ID. */
0119: public static final int APDU_CONNECTION = 21;
0120: /** javax.microedition.jcrmi permission ID. */
0121: public static final int JCRMI_CONNECTION = 22;
0122: /**
0123: * javax.microedition.securityservice.CMSSignatureService
0124: * permission ID.
0125: */
0126: public static final int SIGN_SERVICE = 23;
0127: /** javax.microedition.apdu.sat permission ID. */
0128: public static final int APDU_CHANNEL0 = 24;
0129:
0130: /** javax.microedition.content.ContentHandler permission ID. */
0131: public static final int CHAPI_REGISTER = 25;
0132:
0133: /** javax.microedition.pim.ContactList.read ID. */
0134: public static final int PIM_CONTACT_READ = 26;
0135: /** javax.microedition.pim.ContactList.write ID. */
0136: public static final int PIM_CONTACT_WRITE = 27;
0137: /** javax.microedition.pim.EventList.read ID. */
0138: public static final int PIM_EVENT_READ = 28;
0139: /** javax.microedition.pim.EventList.write ID. */
0140: public static final int PIM_EVENT_WRITE = 29;
0141: /** javax.microedition.pim.ToDoList.read ID. */
0142: public static final int PIM_TODO_READ = 30;
0143: /** javax.microedition.pim.ToDoList.write ID. */
0144: public static final int PIM_TODO_WRITE = 31;
0145: /** javax.microedition.io.Connector.file.read ID. */
0146: public static final int FILE_CONNECTION_READ = 32;
0147: /** javax.microedition.io.Connector.file.write ID. */
0148: public static final int FILE_CONNECTION_WRITE = 33;
0149:
0150: /** javax.microedition.io.Connector.obex.client ID. */
0151: public static final int OBEX_CLIENT = 34;
0152: /** javax.microedition.io.Connector.obex.server ID. */
0153: public static final int OBEX_SERVER = 35;
0154: /** javax.microedition.io.Connector.obex.client.tcp ID. */
0155: public static final int TCP_OBEX_CLIENT = 36;
0156: /** javax.microedition.io.Connector.obex.server.tcp ID. */
0157: public static final int TCP_OBEX_SERVER = 37;
0158:
0159: /** javax.microedition.io.Connector.bluetooth.client ID. */
0160: public static final int BLUETOOTH_CLIENT = 38;
0161: /** javax.microedition.io.Connector.bluetooth.server ID. */
0162: public static final int BLUETOOTH_SERVER = 39;
0163:
0164: /** javax.microedition.location.Location ID. */
0165: public static final int LOCATION = 40;
0166: /** javax.microedition.location.Orientation ID. */
0167: public static final int ORIENTATION = 41;
0168: /** javax.microedition.location.ProximityListener ID. */
0169: public static final int LOCATION_PROXIMITY = 42;
0170:
0171: /** javax.microedition.location.LandmarkStore.read ID. */
0172: public static final int LANDMARK_READ = 43;
0173: /** javax.microedition.location.LandmarkStore.write ID. */
0174: public static final int LANDMARK_WRITE = 44;
0175: /** javax.microedition.location.LandmarkStore.category ID. */
0176: public static final int LANDMARK_CATEGORY = 45;
0177: /** javax.microedition.location.LandmarkStore.management ID. */
0178: public static final int LANDMARK_MANAGE = 46;
0179: /** javax.microedition.io.Connector.sip permission ID. */
0180: public static final int SIP = 47;
0181: /** javax.microedition.io.Connector.sips permission ID. */
0182: public static final int SIPS = 48;
0183: /** javax.microedition.payment.process permission ID. */
0184: public static final int PAYMENT = 49;
0185:
0186: /** javax.microedition.amms.control.camera.enableShutterFeedback perm. ID */
0187: public static final int AMMS_CAMERA_SHUTTERFEEDBACK = 50;
0188: /** javax.microedition.amms.control.tuner.setPreset permission ID. */
0189: public static final int AMMS_TUNER_SETPRESET = 51;
0190:
0191: /*
0192: * IMPL_NOTE: if this value is changed, the appropriate change should be
0193: * made in suitestore_installer.c under ENABLE_CONTROL_ARGS_FROM_JAD
0194: * section. NUMBER_OF_PERMISSIONS was not moved to *.xml because it is never
0195: * used in native in normal case (i.e. when
0196: * ENABLE_CONTROL_ARGS_FROM_JAD=false).
0197: */
0198: /** Number of permissions. */
0199: public static final int NUMBER_OF_PERMISSIONS = 52;
0200:
0201: /** Never allow the permission. */
0202: public static final byte NEVER = 0;
0203: /** Allow an permission with out asking the user. */
0204: public static final byte ALLOW = 1;
0205: /**
0206: * Permission granted by the user until the the user changes it in the
0207: * settings form.
0208: */
0209: public static final byte BLANKET_GRANTED = 2;
0210: /**
0211: * Allow a permission to be granted or denied by the user
0212: * until changed in the settings form.
0213: */
0214: public static final byte BLANKET = 4;
0215: /** Allow a permission to be granted only for the current session. */
0216: public static final byte SESSION = 8;
0217: /** Allow a permission to be granted only for one use. */
0218: public static final byte ONESHOT = 16;
0219: /**
0220: * Permission denied by the user until the user changes it in the
0221: * settings form.
0222: */
0223: public static final byte BLANKET_DENIED = -128;
0224:
0225: /** Third Party Never permission group. */
0226: static final PermissionGroup NEVER_GROUP = new PermissionGroup(0,
0227: 0, 0, 0, 0, 0, NEVER, NEVER, NEVER, NEVER);
0228:
0229: /** Third Party Allowed permission group. */
0230: static final PermissionGroup ALLOWED_GROUP = new PermissionGroup(0,
0231: 0, 0, 0, 0, 0, ALLOW, ALLOW, ALLOW, ALLOW);
0232:
0233: /** Idenitified Third Party Allowed permission group. */
0234: static final PermissionGroup ID_ALLOWED_GROUP = new PermissionGroup(
0235: 0, 0, 0, 0, 0, 0, ALLOW, ALLOW, NEVER, NEVER);
0236:
0237: /** Net Access permission group. */
0238: static final PermissionGroup NET_ACCESS_GROUP = new PermissionGroup(
0239: ResourceConstants.AMS_MGR_NET_SETTINGS,
0240: ResourceConstants.AMS_MGR_NET_SETTINGS_QUE,
0241: ResourceConstants.AMS_MGR_NET_SETTINGS_QUE_DONT,
0242: ResourceConstants.PERMISSION_NET_ACCESS_DIALOG_TITLE,
0243: ResourceConstants.PERMISSION_NET_ACCESS_QUE, 0, BLANKET,
0244: SESSION, SESSION, ONESHOT);
0245:
0246: /** Read Message permission group. */
0247: static final PermissionGroup READ_MESSAGE_GROUP = new PermissionGroup(
0248: 0, 0, 0,
0249: ResourceConstants.PERMISSION_RECEIVE_MESSAGE_DIALOG_TITLE,
0250: ResourceConstants.PERMISSION_RECEIVE_MESSAGE_QUE, 0,
0251: BLANKET, BLANKET, BLANKET, BLANKET);
0252:
0253: /**
0254: * Send Message permission group. Send was broken out because send
0255: * is treated as one shot even though it is in the messaging group.
0256: */
0257: static final PermissionGroup SEND_MESSAGE_GROUP = new PermissionGroup(
0258: ResourceConstants.AMS_MGR_MSG_SETTINGS,
0259: ResourceConstants.AMS_MGR_MSG_SETTINGS_QUE,
0260: ResourceConstants.AMS_MGR_MSG_SETTINGS_QUE_DONT,
0261: ResourceConstants.PERMISSION_SEND_MESSAGE_DIALOG_TITLE,
0262: ResourceConstants.PERMISSION_SEND_MESSAGE_QUE, 0, ONESHOT,
0263: ONESHOT, ONESHOT, ONESHOT);
0264:
0265: /** Application Auto Invocation permission group. */
0266: static final PermissionGroup AUTO_INVOCATION_GROUP = new PermissionGroup(
0267: ResourceConstants.AMS_MGR_AUTO_START_SETTINGS,
0268: ResourceConstants.AMS_MGR_AUTO_START_SETTINGS_QUE,
0269: ResourceConstants.AMS_MGR_AUTO_START_SETTINGS_QUE_DONT,
0270: ResourceConstants.PERMISSION_AUTO_START_DIALOG_TITLE,
0271: ResourceConstants.PERMISSION_AUTO_START_QUE, 0, BLANKET,
0272: ONESHOT, SESSION, ONESHOT);
0273:
0274: /** Local Connectivity permission group. */
0275: static final PermissionGroup LOCAL_CONN_GROUP = new PermissionGroup(
0276: ResourceConstants.AMS_MGR_LOCAL_CONN_SETTINGS,
0277: ResourceConstants.AMS_MGR_LOCAL_CONN_SETTINGS_QUE,
0278: ResourceConstants.AMS_MGR_LOCAL_CONN_SETTINGS_QUE_DONT,
0279: ResourceConstants.PERMISSION_LOCAL_CONN_DIALOG_TITLE,
0280: ResourceConstants.PERMISSION_LOCAL_CONN_QUE, 0, BLANKET,
0281: SESSION, BLANKET, ONESHOT);
0282:
0283: /** Multimedia Recording permission group. */
0284: static final PermissionGroup MULTIMEDIA_GROUP = new PermissionGroup(
0285: ResourceConstants.AMS_MGR_REC_SETTINGS,
0286: ResourceConstants.AMS_MGR_REC_SETTINGS_QUE,
0287: ResourceConstants.AMS_MGR_REC_SETTINGS_QUE_DONT,
0288: ResourceConstants.PERMISSION_MULTIMEDIA_DIALOG_TITLE,
0289: ResourceConstants.PERMISSION_MULTIMEDIA_QUE, 0, BLANKET,
0290: SESSION, SESSION, ONESHOT);
0291:
0292: /** Read User Data permission group. */
0293: static final PermissionGroup READ_USER_DATA_GROUP = new PermissionGroup(
0294: ResourceConstants.AMS_MGR_READ_USER_DATA_SETTINGS,
0295: ResourceConstants.AMS_MGR_READ_USER_DATA_SETTINGS_QUE,
0296: ResourceConstants.AMS_MGR_READ_USER_DATA_SETTINGS_QUE_DONT,
0297: ResourceConstants.PERMISSION_READ_USER_DATA_TITLE,
0298: ResourceConstants.PERMISSION_READ_USER_DATA_QUE, 0,
0299: BLANKET, ONESHOT, ONESHOT, ONESHOT);
0300:
0301: /** Write User Data permission group. */
0302: static final PermissionGroup WRITE_USER_DATA_GROUP = new PermissionGroup(
0303: ResourceConstants.AMS_MGR_WRITE_USER_DATA_SETTINGS,
0304: ResourceConstants.AMS_MGR_WRITE_USER_DATA_SETTINGS_QUE,
0305: ResourceConstants.AMS_MGR_WRITE_USER_DATA_SETTINGS_QUE_DONT,
0306: ResourceConstants.PERMISSION_WRITE_USER_DATA_TITLE,
0307: ResourceConstants.PERMISSION_WRITE_USER_DATA_QUE,
0308: ResourceConstants.PERMISSION_WRITE_USER_DATA_ONESHOT_QUE,
0309: BLANKET, ONESHOT, ONESHOT, ONESHOT);
0310:
0311: /** Location permission group. */
0312: static final PermissionGroup LOCATION_GROUP = new PermissionGroup(
0313: ResourceConstants.AMS_MGR_LOC_SETTINGS,
0314: ResourceConstants.AMS_MGR_LOC_SETTINGS_QUE,
0315: ResourceConstants.AMS_MGR_LOC_SETTINGS_QUE_DONT,
0316: ResourceConstants.PERMISSION_LOCATION_TITLE,
0317: ResourceConstants.PERMISSION_LOCATION_QUE, 0, BLANKET,
0318: SESSION, SESSION, ONESHOT);
0319:
0320: /** Landmark store permission group. */
0321: static final PermissionGroup LANDMARK_GROUP = new PermissionGroup(
0322: ResourceConstants.AMS_MGR_LANDMARK_SETTINGS,
0323: ResourceConstants.AMS_MGR_LANDMARK_SETTINGS_QUE,
0324: ResourceConstants.AMS_MGR_LANDMARK_SETTINGS_QUE_DONT,
0325: ResourceConstants.PERMISSION_LANDMARK_TITLE, 0,
0326: ResourceConstants.PERMISSION_LANDMARK_QUE, BLANKET,
0327: SESSION, SESSION, ONESHOT);
0328:
0329: /** Smart card permission group. */
0330: static final PermissionGroup SMART_CARD_GROUP = new PermissionGroup(
0331: ResourceConstants.AMS_MGR_SMART_CARD_SETTINGS,
0332: ResourceConstants.AMS_MGR_SMART_CARD_SETTINGS_QUE,
0333: ResourceConstants.AMS_MGR_SMART_CARD_SETTINGS_QUE_DONT,
0334: ResourceConstants.PERMISSION_SMART_CARD_TITLE, 0,
0335: ResourceConstants.PERMISSION_SMART_CARD_QUE, BLANKET,
0336: SESSION, NEVER, NEVER);
0337:
0338: /** Authentication (identification) permission group. */
0339: static final PermissionGroup AUTHENTICATION_GROUP = new PermissionGroup(
0340: ResourceConstants.AMS_MGR_AUTHENTICATION_SETTINGS,
0341: ResourceConstants.AMS_MGR_AUTHENTICATION_SETTINGS_QUE,
0342: ResourceConstants.AMS_MGR_AUTHENTICATION_SETTINGS_QUE_DONT,
0343: ResourceConstants.PERMISSION_SIGNATURE_DIALOG_TITLE,
0344: ResourceConstants.PERMISSION_SIGNATURE_QUE, 0, BLANKET,
0345: SESSION, NEVER, NEVER);
0346:
0347: /** Call Control (restricted network connection) permission group. */
0348: static final PermissionGroup CALL_CONTROL_GROUP = new PermissionGroup(
0349: ResourceConstants.AMS_MGR_CALL_CONTROL_SETTINGS,
0350: ResourceConstants.AMS_MGR_CALL_CONTROL_SETTINGS_QUE,
0351: ResourceConstants.AMS_MGR_CALL_CONTROL_SETTINGS_QUE_DONT,
0352: ResourceConstants.PERMISSION_CALL_CONTROL_TITLE,
0353: ResourceConstants.PERMISSION_CALL_CONTROL_QUE, 0, BLANKET,
0354: ONESHOT, ONESHOT, ONESHOT);
0355:
0356: /** Permission specifications. */
0357: static final PermissionSpec[] permissionSpecs = {
0358: new PermissionSpec("com.sun.midp", NEVER_GROUP),
0359: new PermissionSpec("com.sun.midp.midletsuite.ams",
0360: NEVER_GROUP),
0361: new PermissionSpec("javax.microedition.io.Connector.http",
0362: NET_ACCESS_GROUP),
0363: new PermissionSpec(
0364: "javax.microedition.io.Connector.socket",
0365: NET_ACCESS_GROUP),
0366: new PermissionSpec("javax.microedition.io.Connector.https",
0367: NET_ACCESS_GROUP),
0368: new PermissionSpec("javax.microedition.io.Connector.ssl",
0369: NET_ACCESS_GROUP),
0370: new PermissionSpec(
0371: "javax.microedition.io.Connector.serversocket",
0372: NET_ACCESS_GROUP),
0373: new PermissionSpec(
0374: "javax.microedition.io.Connector.datagram",
0375: NET_ACCESS_GROUP),
0376: new PermissionSpec(
0377: "javax.microedition.io.Connector.datagramreceiver",
0378: NET_ACCESS_GROUP),
0379: new PermissionSpec("javax.microedition.io.Connector.comm",
0380: LOCAL_CONN_GROUP),
0381: new PermissionSpec("javax.microedition.io.PushRegistry",
0382: AUTO_INVOCATION_GROUP),
0383: new PermissionSpec("javax.microedition.io.Connector.sms",
0384: READ_MESSAGE_GROUP),
0385: new PermissionSpec("javax.microedition.io.Connector.cbs",
0386: READ_MESSAGE_GROUP),
0387: new PermissionSpec("javax.wireless.messaging.sms.send",
0388: SEND_MESSAGE_GROUP),
0389: new PermissionSpec("javax.wireless.messaging.sms.receive",
0390: READ_MESSAGE_GROUP),
0391: new PermissionSpec("javax.wireless.messaging.cbs.receive",
0392: READ_MESSAGE_GROUP),
0393: new PermissionSpec(
0394: "javax.microedition.media.control.RecordControl",
0395: MULTIMEDIA_GROUP),
0396: new PermissionSpec(
0397: "javax.microedition.media.control.VideoControl.getSnapshot",
0398: MULTIMEDIA_GROUP),
0399: new PermissionSpec("javax.microedition.io.Connector.mms",
0400: READ_MESSAGE_GROUP),
0401: new PermissionSpec("javax.wireless.messaging.mms.send",
0402: SEND_MESSAGE_GROUP),
0403: new PermissionSpec("javax.wireless.messaging.mms.receive",
0404: READ_MESSAGE_GROUP),
0405: new PermissionSpec("javax.microedition.apdu.aid",
0406: SMART_CARD_GROUP),
0407: new PermissionSpec("javax.microedition.jcrmi",
0408: SMART_CARD_GROUP),
0409: new PermissionSpec(
0410: "javax.microedition.securityservice.CMSMessageSignatureService",
0411: AUTHENTICATION_GROUP),
0412: new PermissionSpec("javax.microedition.apdu.sat",
0413: SMART_CARD_GROUP),
0414: new PermissionSpec(
0415: "javax.microedition.content.ContentHandler",
0416: AUTO_INVOCATION_GROUP),
0417: new PermissionSpec(
0418: "javax.microedition.pim.ContactList.read",
0419: READ_USER_DATA_GROUP),
0420: new PermissionSpec(
0421: "javax.microedition.pim.ContactList.write",
0422: WRITE_USER_DATA_GROUP),
0423: new PermissionSpec("javax.microedition.pim.EventList.read",
0424: READ_USER_DATA_GROUP),
0425: new PermissionSpec(
0426: "javax.microedition.pim.EventList.write",
0427: WRITE_USER_DATA_GROUP),
0428: new PermissionSpec("javax.microedition.pim.ToDoList.read",
0429: READ_USER_DATA_GROUP),
0430: new PermissionSpec("javax.microedition.pim.ToDoList.write",
0431: WRITE_USER_DATA_GROUP),
0432: new PermissionSpec(
0433: "javax.microedition.io.Connector.file.read",
0434: READ_USER_DATA_GROUP),
0435: new PermissionSpec(
0436: "javax.microedition.io.Connector.file.write",
0437: WRITE_USER_DATA_GROUP),
0438: new PermissionSpec(
0439: "javax.microedition.io.Connector.obex.client",
0440: LOCAL_CONN_GROUP),
0441: new PermissionSpec(
0442: "javax.microedition.io.Connector.obex.server",
0443: LOCAL_CONN_GROUP),
0444: new PermissionSpec(
0445: "javax.microedition.io.Connector.obex.client.tcp",
0446: LOCAL_CONN_GROUP),
0447: new PermissionSpec(
0448: "javax.microedition.io.Connector.obex.server.tcp",
0449: LOCAL_CONN_GROUP),
0450: new PermissionSpec(
0451: "javax.microedition.io.Connector.bluetooth.client",
0452: LOCAL_CONN_GROUP),
0453: new PermissionSpec(
0454: "javax.microedition.io.Connector.bluetooth.server",
0455: LOCAL_CONN_GROUP),
0456: new PermissionSpec("javax.microedition.location.Location",
0457: LOCATION_GROUP),
0458: new PermissionSpec(
0459: "javax.microedition.location.Orientation",
0460: LOCATION_GROUP),
0461: new PermissionSpec(
0462: "javax.microedition.location.ProximityListener",
0463: LOCATION_GROUP),
0464: new PermissionSpec(
0465: "javax.microedition.location.LandmarkStore.read",
0466: LANDMARK_GROUP),
0467: new PermissionSpec(
0468: "javax.microedition.location.LandmarkStore.write",
0469: LANDMARK_GROUP),
0470: new PermissionSpec(
0471: "javax.microedition.location.LandmarkStore.category",
0472: LANDMARK_GROUP),
0473: new PermissionSpec(
0474: "javax.microedition.location.LandmarkStore.management",
0475: LANDMARK_GROUP),
0476: new PermissionSpec("javax.microedition.io.Connector.sip",
0477: CALL_CONTROL_GROUP),
0478: new PermissionSpec("javax.microedition.io.Connector.sips",
0479: CALL_CONTROL_GROUP),
0480: new PermissionSpec("javax.microedition.payment.process",
0481: ID_ALLOWED_GROUP),
0482: new PermissionSpec(
0483: "javax.microedition.amms.control.camera.enableShutterFeedback",
0484: MULTIMEDIA_GROUP),
0485: new PermissionSpec(
0486: "javax.microedition.amms.control.tuner.setPreset",
0487: WRITE_USER_DATA_GROUP) };
0488:
0489: /**
0490: * Get the name of a permission.
0491: *
0492: * @param permission permission number
0493: *
0494: * @return permission name
0495: *
0496: * @exception SecurityException if the permission is invalid
0497: */
0498: public static String getName(int permission) {
0499: if (permission < 0 || permission >= permissionSpecs.length) {
0500: throw new SecurityException(SecurityToken.STD_EX_MSG);
0501: }
0502:
0503: return permissionSpecs[permission].name;
0504: }
0505:
0506: /**
0507: * Get the dialog title for a permission.
0508: *
0509: * @param permission permission number
0510: *
0511: * @return Resource constant for the permission dialog title
0512: * @exception SecurityException if the permission is invalid
0513: */
0514: public static int getTitle(int permission) {
0515: if (permission < 0 || permission >= permissionSpecs.length) {
0516: throw new SecurityException(SecurityToken.STD_EX_MSG);
0517: }
0518:
0519: return permissionSpecs[permission].group
0520: .getRuntimeDialogTitle();
0521: }
0522:
0523: /**
0524: * Get the question for a permission.
0525: *
0526: * @param permission permission number
0527: *
0528: * @return Resource constant for the permission question
0529: *
0530: * @exception SecurityException if the permission is invalid
0531: */
0532: public static int getQuestion(int permission) {
0533: if (permission < 0 || permission >= permissionSpecs.length) {
0534: throw new SecurityException(SecurityToken.STD_EX_MSG);
0535: }
0536:
0537: return permissionSpecs[permission].group.getRuntimeQuestion();
0538: }
0539:
0540: /**
0541: * Get the oneshot question for a permission.
0542: *
0543: * @param permission permission number
0544: *
0545: * @return Resource constant for the permission question
0546: *
0547: * @exception SecurityException if the permission is invalid
0548: */
0549: public static int getOneshotQuestion(int permission) {
0550: if (permission < 0 || permission >= permissionSpecs.length) {
0551: throw new SecurityException(SecurityToken.STD_EX_MSG);
0552: }
0553:
0554: return permissionSpecs[permission].group
0555: .getRuntimeOneshotQuestion();
0556: }
0557:
0558: /**
0559: * Determine if a domain is a trusted domain.
0560: *
0561: * @param domain Binding name of a domain
0562: *
0563: * @return true if a domain is trusted, false if not
0564: */
0565: public static boolean isTrusted(String domain) {
0566: if (MANUFACTURER_DOMAIN_BINDING.equals(domain)) {
0567: return true;
0568: }
0569:
0570: if (OPERATOR_DOMAIN_BINDING.equals(domain)) {
0571: return true;
0572: }
0573:
0574: if (MAXIMUM_DOMAIN_BINDING.equals(domain)) {
0575: return true;
0576: }
0577:
0578: if (IDENTIFIED_DOMAIN_BINDING.equals(domain)) {
0579: return true;
0580: }
0581:
0582: return false;
0583: }
0584:
0585: /**
0586: * Create a list of permission groups a domain is permitted to perform.
0587: *
0588: * @param name binding name of domain
0589: *
0590: * @return 2 arrays, the first containing the maximum level for each
0591: * permission, the second containing the default or starting level
0592: * for each permission supported
0593: */
0594: public static byte[][] forDomain(String name) {
0595: byte[] maximums = new byte[NUMBER_OF_PERMISSIONS];
0596: byte[] defaults = new byte[NUMBER_OF_PERMISSIONS];
0597: byte[][] permissions = { maximums, defaults };
0598:
0599: if (MANUFACTURER_DOMAIN_BINDING.equals(name)) {
0600: // All permissions allowed
0601: for (int i = 0; i < maximums.length; i++) {
0602: maximums[i] = ALLOW;
0603: defaults[i] = ALLOW;
0604: }
0605:
0606: return permissions;
0607: }
0608:
0609: if (OPERATOR_DOMAIN_BINDING.equals(name)
0610: || MAXIMUM_DOMAIN_BINDING.equals(name)) {
0611: for (int i = 0; i < maximums.length; i++) {
0612: maximums[i] = ALLOW;
0613: defaults[i] = ALLOW;
0614: }
0615:
0616: // Only public permissions allowed, never internal
0617: maximums[MIDP] = NEVER;
0618: defaults[MIDP] = NEVER;
0619: maximums[AMS] = NEVER;
0620: defaults[AMS] = NEVER;
0621:
0622: return permissions;
0623: }
0624:
0625: if (IDENTIFIED_DOMAIN_BINDING.equals(name)) {
0626: for (int i = 2; i < maximums.length; i++) {
0627: maximums[i] = permissionSpecs[i].group
0628: .getIdentifiedMaxiumLevel();
0629: defaults[i] = permissionSpecs[i].group
0630: .getIdentifiedDefaultLevel();
0631: }
0632:
0633: return permissions;
0634: }
0635:
0636: if (UNIDENTIFIED_DOMAIN_BINDING.equals(name)) {
0637: for (int i = 2; i < maximums.length; i++) {
0638: maximums[i] = permissionSpecs[i].group
0639: .getUnidentifiedMaxiumLevel();
0640: defaults[i] = permissionSpecs[i].group
0641: .getUnidentifiedDefaultLevel();
0642: }
0643:
0644: return permissions;
0645: }
0646:
0647: // the default domain is minimum, all permissions denied
0648: return permissions;
0649: }
0650:
0651: /**
0652: * Create an empty list of permission groups.
0653: *
0654: * @return array containing the empty permission groups
0655: */
0656: public static byte[] getEmptySet() {
0657: byte[] permissions = new byte[NUMBER_OF_PERMISSIONS];
0658:
0659: // Assume perms array is non-null
0660: for (int i = 0; i < permissions.length; i++) {
0661: // This is default permission
0662: permissions[i] = Permissions.NEVER;
0663: }
0664:
0665: return permissions;
0666: }
0667:
0668: /**
0669: * Get a list of all permission groups for the settings dialog.
0670: *
0671: * @return array of permission groups
0672: */
0673: public static PermissionGroup[] getSettingGroups() {
0674: PermissionGroup[] groups = new PermissionGroup[12];
0675:
0676: groups[0] = NET_ACCESS_GROUP;
0677: groups[1] = SEND_MESSAGE_GROUP;
0678: groups[2] = AUTO_INVOCATION_GROUP;
0679: groups[3] = LOCAL_CONN_GROUP;
0680: groups[4] = MULTIMEDIA_GROUP;
0681: groups[5] = READ_USER_DATA_GROUP;
0682: groups[6] = WRITE_USER_DATA_GROUP;
0683: groups[7] = LOCATION_GROUP;
0684: groups[8] = LANDMARK_GROUP;
0685: groups[9] = SMART_CARD_GROUP;
0686: groups[10] = AUTHENTICATION_GROUP;
0687: groups[11] = CALL_CONTROL_GROUP;
0688:
0689: return groups;
0690: }
0691:
0692: /**
0693: * Find the max level of all the permissions in the same group.
0694: *
0695: * This is a policy dependent function for permission grouping.
0696: *
0697: * @param levels array of permission levels
0698: * @param group desired permission group
0699: *
0700: * @return permission level
0701: */
0702: public static byte getPermissionGroupLevel(byte[] levels,
0703: PermissionGroup group) {
0704: byte maxLevel = NEVER;
0705:
0706: for (int i = 0; i < permissionSpecs.length; i++) {
0707: if (permissionSpecs[i].group == group && levels[i] != NEVER) {
0708: /*
0709: * Except for NEVER the lower the int value the higher
0710: * the permission level.
0711: */
0712: if (levels[i] < maxLevel || maxLevel == NEVER) {
0713: maxLevel = levels[i];
0714: }
0715: }
0716: }
0717:
0718: return maxLevel;
0719: }
0720:
0721: /**
0722: * Set the level of all the permissions in the same group as this
0723: * permission to the given level.
0724: * <p>
0725: * This is a policy dependent function for permission grouping.</p>
0726: *
0727: * The following combinations of permissions are mutually exclusive:
0728: * <ul>
0729: * <li> Any of Net Access, Messaging or Local Connectivity set to Blanket
0730: * in combination with any of Multimedia recording or Read User Data
0731: * Access set to Blanket</li>
0732: * <li> Application Auto Invocation (or push interrupt level) set to
0733: * Blanket and Net Access set to Blanket</li>
0734: * </ul>
0735: *
0736: * @param current current permission levels
0737: * @param pushInterruptLevel Push interrupt level
0738: * @param group desired permission group
0739: * @param level permission level
0740: *
0741: * @exception SecurityException if the change would produce a mutually
0742: * exclusive combination
0743: */
0744: public static void setPermissionGroup(byte[] current,
0745: byte pushInterruptLevel, PermissionGroup group, byte level)
0746: throws SecurityException {
0747:
0748: checkForMutuallyExclusiveCombination(current,
0749: pushInterruptLevel, group, level);
0750:
0751: for (int i = 0; i < permissionSpecs.length; i++) {
0752: if (permissionSpecs[i].group == group) {
0753: setPermission(current, i, level);
0754: }
0755: }
0756:
0757: /*
0758: * For some reason specs do not want separate send and
0759: * receive message groups, but want the questions and interrupt
0760: * level to be different for send, so internally we have 2 groups
0761: * that must be kept in synch. The setting dialog only presents
0762: * the send message group, see the getSettingGroups method.
0763: */
0764: if (group == SEND_MESSAGE_GROUP) {
0765: /*
0766: * Since the send group have a max level of oneshot, this method
0767: * will only code get used by the settings dialog, when a user
0768: * changes the send group from blanket denied to oneshot.
0769: */
0770: if (level != BLANKET_DENIED) {
0771: /*
0772: * If send is set to to any thing but blanket denied
0773: * then receive is set to blanket.
0774: */
0775: level = BLANKET_GRANTED;
0776: }
0777:
0778: for (int i = 0; i < permissionSpecs.length; i++) {
0779: if (permissionSpecs[i].group == READ_MESSAGE_GROUP) {
0780: setPermission(current, i, level);
0781: }
0782: }
0783:
0784: return;
0785: }
0786:
0787: if (group == READ_MESSAGE_GROUP && level == BLANKET_DENIED) {
0788: /*
0789: * This code will only be used when the user says no during
0790: * a message read runtime permission prompt.
0791: */
0792:
0793: for (int i = 0; i < permissionSpecs.length; i++) {
0794: if (permissionSpecs[i].group == SEND_MESSAGE_GROUP) {
0795: setPermission(current, i, BLANKET_DENIED);
0796: }
0797: }
0798: }
0799: }
0800:
0801: /**
0802: * Grant or deny of a permission and all of the other permissions in
0803: * it group.
0804: * <p>
0805: * This is a policy dependent function for permission grouping.</p>
0806: *
0807: * This method must only be used when not changing the interaction level
0808: * (blanket, session, one shot).
0809: *
0810: * @param current current permission levels
0811: * @param permission permission ID from the group
0812: * @param level permission level
0813: * @exception SecurityException if the change would produce a mutually
0814: * exclusive combination
0815: */
0816: public static void setPermissionGroup(byte[] current,
0817: int permission, byte level) throws SecurityException {
0818:
0819: if (permission < 0 || permission >= permissionSpecs.length) {
0820: return;
0821: }
0822:
0823: PermissionGroup group = permissionSpecs[permission].group;
0824:
0825: setPermissionGroup(current, NEVER, group, level);
0826: }
0827:
0828: /**
0829: * Check to see if a given push interrupt level would produce a mutually
0830: * exclusive combination for the current security policy. If so, throw
0831: * an exception.
0832: * <p>
0833: * This is a policy dependent function for permission grouping.</p>
0834: *
0835: * The mutually combination is the push interrupt level set to Blanket and
0836: * Net Access set to Blanket.
0837: *
0838: * @param current current permission levels
0839: * @param pushInterruptLevel Push interrupt level
0840: *
0841: * @exception SecurityException if the change would produce a mutually
0842: * exclusive combination
0843: */
0844: public static void checkPushInterruptLevel(byte[] current,
0845: byte pushInterruptLevel) throws SecurityException {
0846:
0847: byte level;
0848:
0849: if (pushInterruptLevel != BLANKET_GRANTED) {
0850: return;
0851: }
0852:
0853: level = getPermissionGroupLevel(current, NET_ACCESS_GROUP);
0854: if (level == BLANKET_GRANTED || level == BLANKET) {
0855: throw new SecurityException(
0856: createMutuallyExclusiveErrorMessage(
0857: ResourceConstants.AMS_MGR_INTRUPT,
0858: NET_ACCESS_GROUP.getName()));
0859: }
0860: }
0861:
0862: /**
0863: * Set the level the permission if the permission is not set to NEVER
0864: * or ALLOW.
0865: *
0866: * @param current current permission levels
0867: * @param permission permission ID for permission to set
0868: * @param level permission level
0869: */
0870: private static void setPermission(byte[] current, int permission,
0871: byte level) {
0872: if (current[permission] != NEVER
0873: || current[permission] != ALLOW) {
0874: current[permission] = level;
0875: }
0876: }
0877:
0878: /**
0879: * Check to see if a given level for a group would produce a mutually
0880: * exclusive combination for the current security policy. If so, throw
0881: * an exception.
0882: * <p>
0883: * This is a policy dependent function for permission grouping.</p>
0884: *
0885: * The following combinations of permissions are mutually exclusive:
0886: * <ul>
0887: * <li> Any of Net Access, Messaging or Local Connectivity set to Blanket
0888: * in combination with any of Multimedia recording or Read User Data
0889: * Access set to Blanket</li>
0890: * <li> Application Auto Invocation set to Blanket and Net Access set to
0891: * Blanket</li>
0892: * </ul>
0893: *
0894: * @param current current permission levels
0895: * @param pushInterruptLevel Push interrupt level
0896: * @param group desired permission group
0897: * @param newLevel permission level
0898: *
0899: * @exception SecurityException if the change would produce a mutually
0900: * exclusive combination
0901: */
0902: private static void checkForMutuallyExclusiveCombination(
0903: byte[] current, byte pushInterruptLevel,
0904: PermissionGroup group, byte newLevel)
0905: throws SecurityException {
0906:
0907: byte level;
0908:
0909: if (newLevel != BLANKET_GRANTED) {
0910: return;
0911: }
0912:
0913: if (group == NET_ACCESS_GROUP) {
0914: if (pushInterruptLevel == BLANKET_GRANTED
0915: || pushInterruptLevel == BLANKET) {
0916: throw new SecurityException(
0917: createMutuallyExclusiveErrorMessage(
0918: NET_ACCESS_GROUP.getName(),
0919: ResourceConstants.AMS_MGR_INTRUPT));
0920: }
0921:
0922: level = getPermissionGroupLevel(current,
0923: AUTO_INVOCATION_GROUP);
0924: if (level == BLANKET_GRANTED || level == BLANKET) {
0925: throw new SecurityException(
0926: createMutuallyExclusiveErrorMessage(
0927: NET_ACCESS_GROUP, AUTO_INVOCATION_GROUP));
0928: }
0929:
0930: level = getPermissionGroupLevel(current,
0931: READ_USER_DATA_GROUP);
0932: if (level == BLANKET_GRANTED || level == BLANKET) {
0933: throw new SecurityException(
0934: createMutuallyExclusiveErrorMessage(
0935: NET_ACCESS_GROUP, READ_USER_DATA_GROUP));
0936: }
0937:
0938: level = getPermissionGroupLevel(current, MULTIMEDIA_GROUP);
0939: if (level == BLANKET_GRANTED || level == BLANKET) {
0940: throw new SecurityException(
0941: createMutuallyExclusiveErrorMessage(
0942: NET_ACCESS_GROUP, MULTIMEDIA_GROUP));
0943: }
0944:
0945: return;
0946: }
0947:
0948: if (group == LOCAL_CONN_GROUP) {
0949: level = getPermissionGroupLevel(current,
0950: READ_USER_DATA_GROUP);
0951: if (level == BLANKET_GRANTED || level == BLANKET) {
0952: throw new SecurityException(
0953: createMutuallyExclusiveErrorMessage(
0954: LOCAL_CONN_GROUP, READ_USER_DATA_GROUP));
0955: }
0956:
0957: level = getPermissionGroupLevel(current, MULTIMEDIA_GROUP);
0958: if (level == BLANKET_GRANTED || level == BLANKET) {
0959: throw new SecurityException(
0960: createMutuallyExclusiveErrorMessage(
0961: LOCAL_CONN_GROUP, MULTIMEDIA_GROUP));
0962: }
0963:
0964: return;
0965: }
0966:
0967: if (group == AUTO_INVOCATION_GROUP) {
0968: level = getPermissionGroupLevel(current, NET_ACCESS_GROUP);
0969: if (level == BLANKET_GRANTED || level == BLANKET) {
0970: throw new SecurityException(
0971: createMutuallyExclusiveErrorMessage(
0972: AUTO_INVOCATION_GROUP, NET_ACCESS_GROUP));
0973: }
0974: }
0975:
0976: if (group == READ_USER_DATA_GROUP) {
0977: level = getPermissionGroupLevel(current, NET_ACCESS_GROUP);
0978: if (level == BLANKET_GRANTED || level == BLANKET) {
0979: throw new SecurityException(
0980: createMutuallyExclusiveErrorMessage(
0981: READ_USER_DATA_GROUP, NET_ACCESS_GROUP));
0982: }
0983:
0984: level = getPermissionGroupLevel(current, LOCAL_CONN_GROUP);
0985: if (level == BLANKET_GRANTED || level == BLANKET) {
0986: throw new SecurityException(
0987: createMutuallyExclusiveErrorMessage(
0988: READ_USER_DATA_GROUP, LOCAL_CONN_GROUP));
0989: }
0990: }
0991:
0992: if (group == MULTIMEDIA_GROUP) {
0993: level = getPermissionGroupLevel(current, NET_ACCESS_GROUP);
0994: if (level == BLANKET_GRANTED || level == BLANKET) {
0995: throw new SecurityException(
0996: createMutuallyExclusiveErrorMessage(
0997: MULTIMEDIA_GROUP, NET_ACCESS_GROUP));
0998: }
0999:
1000: level = getPermissionGroupLevel(current, LOCAL_CONN_GROUP);
1001: if (level == BLANKET_GRANTED || level == BLANKET) {
1002: throw new SecurityException(
1003: createMutuallyExclusiveErrorMessage(
1004: MULTIMEDIA_GROUP, LOCAL_CONN_GROUP));
1005: }
1006: }
1007: }
1008:
1009: /**
1010: * Create a mutally exclusive permission setting error message.
1011: *
1012: * @param groupToSet Group that is to be set
1013: * @param blanketGroup The a mutually exclusive group that was set to
1014: * blanket
1015: *
1016: * @return Translated error message with both group names in it
1017: */
1018: private static String createMutuallyExclusiveErrorMessage(
1019: PermissionGroup groupToSet, PermissionGroup blanketGroup) {
1020: return createMutuallyExclusiveErrorMessage(
1021: groupToSet.getName(), blanketGroup.getName());
1022: }
1023:
1024: /**
1025: * Create a mutally exclusive permission setting error message.
1026: *
1027: * @param nameId ID of the first group in the message
1028: * @param otherNameId ID of the name of other group
1029: *
1030: * @return Translated error message with both group names in it
1031: */
1032: private static String createMutuallyExclusiveErrorMessage(
1033: int nameId, int otherNameId) {
1034: String[] values = { Resource.getString(nameId),
1035: Resource.getString(otherNameId) };
1036:
1037: return Resource
1038: .getString(
1039: ResourceConstants.PERMISSION_MUTUALLY_EXCLUSIVE_ERROR_MESSAGE,
1040: values);
1041: }
1042: }
1043:
1044: /** Specifies a permission name and its group. */
1045: class PermissionSpec {
1046: /** Name of permission. */
1047: String name;
1048:
1049: /** Group of permission. */
1050: PermissionGroup group;
1051:
1052: /**
1053: * Construct a permission specification.
1054: *
1055: * @param theName Name of permission
1056: * @param theGroup Group of permission
1057: */
1058: PermissionSpec(String theName, PermissionGroup theGroup) {
1059: name = theName;
1060: group = theGroup;
1061: }
1062: }
|